« Why Weblogs for KM? | Main | Westcheck.com »

March 28, 2004

More on Spam - Directory Harvest Attacks

I opened a new email account a couple of months back in preparation for closing down my old one because of the large volume of spam it collects. Within a couple of days I'd received several spam messages on my new, never used email address. Obviously the address wasn't harvested from listservs, web sites, or chat rooms, or any indiscretion on my part. So how did the spammers get it?

Easy. As a matter of course, they simply send out email to randomly generated email addresses. Inevitably a percentage of their guesses are correct and are delivered to real people. So since the spam sent to my new email address didn't bounce, the spammers could note that it was a confirmed, valid email address, and send even MORE spam. Oh happy day.

This process is detailed in "Understanding Directory Harvest Attacks", PC Magazine, April 6, 2004. Though I've be aware of this method I did not understand all of the details, mainly that the spammer adds all such "found" addresses to their database.

Now that I do, it seems quite obvious to me that most spam filtering software is missing the boat. They should not only filter the spam, but ALSO bounce it back to the sender making it look as though the address doesn't exist. The other advantage to this approach is that if your spam filter bounces a legitimate email, the sender is notified, and if the message is important, can choose to contact you using alternate methods.

There is one spam filter that does this now, Mailwasher, and I used it for quite a while. (See my November article on spam in Searcher Magazine for more details.) Though it might not be an ideal spam filter in some ways, it certainly does foil the harvest attacks. All the other spam filters should be doing the same.

Posted by Cindy L. Chick on March 28, 2004 04:54 PM

Comments

I've been using the trial version of MailWasher to bounce back virus-laden emails from a personal address. When I told my web hosting company that I was receiving 2-5 viral emails per day, their reply was "use a virus protection program that is compatible with Outlook."

I'm wondering when web hosting companies will catch up with free web mail providers like Yahoo! in the "hey, let's screen for viruses!" mode of thinking.

Posted by: Jennifer Stephens at March 30, 2004 02:22 PM

Post a comment

Thanks for signing in, . Now you can comment. (sign out)

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


Remember me?